PaulDotCom mailing list archives

Marcus Ranum downplays importance of Pen Test Tools like Metasploit - opinions?


From: gbugbear at gmail.com (Bugbear)
Date: Wed, 29 Oct 2008 10:53:27 -0400

That would be sweet - the cage match

HD had some interesting comments on IPv6 too - fully recommend the
interviews

Thanks for the comments

On Wed, Oct 29, 2008 at 10:23 AM, Jack Daniel <jackadaniel at gmail.com> wrote:

Actually, I thought the juxtaposition of back to back interviews with
HD Moore and Marcus Ranum was very interesting, regardless of what you
think of the individuals' opinions.

Maybe Paul and Larry can take the next step and set up the steel cage.

Jack


2008/10/29 Bugbear <gbugbear at gmail.com>:
So I was listening to the Risky Business Podcast this AM (#85) on my
commute in (right after finishing part II of pauldotcom) and they had
Tenable Network Security's CSO Marcus Ranum on. Marcus stated that he
felt tools such as Core and Metasploit had no usefulness in pen test.
He emphasised that a design review and vulnerability scanning should
be enough.

While I may have misunderstood his statements and I do agree
design/config reviews and vulnerability scanning need to be the first
and second step of any regular review, pen test, etc... I completely
disagree on his comments on using such aforementioned tools in
conjunction with products such as Nessus. i.e. Nessus is not going to
tell me if my BlackBerry user is connecting to free wifi and is
vulnerable to Karma, etc.

Thoughts, comments, opinions? Interested in the viewpoint of the broad
background of pauldotcom listeners! Or maybe someone can clarify his
comments for me.

Tim





_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
______________________________________
Jack Daniel, Reluctant CISSP
http://blog.uncommonsensesecurity.com
http://www.linkedin.com/in/jackadaniel